I misread. NGINX doesnt see the certs exist meaning whatever user is running
it doesnt have permissions. Make sure your user running NGINX has access down
the whole folder chain.
Sent from my Galaxy
-------- Original message --------
From: Victor Oppenheimer <vic...@camb.com>
Date: 2/11/24 17:17 (GMT-05:00)
To: Jeremy Cocks via nginx <nginx@nginx.org>
Subject: SSL issue
Thank you so much for the help you have provided me with
nginx on my Windows 2016 server thus far.
I'm now attempting to add serving https files to my
configuration. Although I want to eventually support
a number of servers being browsed for both http and https
pages, I am starting with my oppsprops.com website.
I generated an SSL certificate and private key for the website.
I stored them at the following paths:
C:\nginx\conf\ssl\certs\oppsprops_com.crt
and
C:\nginx\conf\ssl\keys\oppsprops.com.private.key
I then tried to start nginx with various versions of my
nginx.config file with differing results as described below.
I suspect that this only needs a small tweak ... but would appreciate
some guidance in addressing the issue.
Thanks,
Victor
The following full nginx.config file with commented SSL
configuration statements serves http:\\oppsprops.com
successfully.
# directives in the 'main' context
# serves all sites http not https
# uses Adobe Tomcat to serve PDFs which must be in proper case
worker_processes auto;
events { # events context/block
# configuration of connection processing
}
http { # http context specific to HTTP affecting all virtual servers
server_names_hash_bucket_size 64; # avoid multiple server_Name entry
errors
server { # configure oppsprops server
listen 80;
# listen 443 ssl;
server_name oppsprops.com www.oppsprops.com<http://www.oppsprops.com>;
# ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
# ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
server { # configuration of clearwaterescapes HTTP server
server_name clearwaterescapes.com
www.clearwaterescapes.com<http://www.clearwaterescapes.com>;
listen 80;
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# send http://clearwaterescapes.com to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/Clearwater/;
} # end of location block
} # end of clearwaterescapes server block
server { # configure freshpondrentals server
server_name FreshPondRentals.com
www.freshpondrentals.com<http://www.freshpondrentals.com>;
listen 80;
# rewrite ^(.*)$ /$1 permanent; # Make incoming URLs lowercase
# avoid errors when favicon.ico file is missing
location = /favicon.ico {
access_log off;
log_not_found off;
return 204;
}
location / {
# proxy freshpondrentals pages to Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/camb/;
} # end of location block
} # end of freshpondrentals server block
server { # configure yogisource HTTP port 80 server
server_name yogisource.com www.yogisource.com<http://www.yogisource.com>;
listen 80;
location / {
proxy_pass http://yogisource.com:81/;
} # end of location block
} # end of yogisource server block
} # end of http block
______________________________________
Modifying the nginx.config file above to include the following statements
produce the following error.log file errors and nginx fails to start
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com<http://www.oppsprops.com>;
ssl_certificate conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key conf/ssl/keys/oppsprops.com.private.key;
2024/02/11 14:34:08 [emerg] 14600#11064: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:10 [emerg] 9048#12520: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:14 [emerg] 6620#16260: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:22 [emerg] 13008#12828: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:34:38 [emerg] 13928#1068: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
2024/02/11 14:35:10 [emerg] 3664#8660: cannot load certificate
"C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt": BIO_new_file() failed
(SSL: error:02001003:system library:fopen:No such
process:fopen('C:\nginx/conf/conf/ssl/certs/oppsprops_com.crt','r')
error:2006D080:BIO routines:BIO_new_file:no such file)
_________
Modifying the nginx.config file above to include the following statements
produces no error.log errors but fails to load the page with a browser
error of:
This site can’t be reached
oppsprops.com refused to connect.
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com<http://www.oppsprops.com>;
ssl_certificate ssl/certs/oppsprops_com.crt;
ssl_certificate_key ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
_________________
Modifying the nginx.config file above to include the following statements
also produces no error.log errors but fails to load the page with a
browser error of:
This site can’t be reached
oppsprops.com refused to connect.
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com<http://www.oppsprops.com>;
ssl_certificate /ssl/certs/oppsprops_com.crt;
ssl_certificate_key /ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
______________________________
Modifying the nginx.config file above to include the following statements
also produces no error.log errors but fails to load the page with a
browser error of:
This site can’t be reached
oppsprops.com refused to connect.
server { # configure oppsprops server
listen 80;
listen 443 ssl;
server_name oppsprops.com www.oppsprops.com<http://www.oppsprops.com>;
ssl_certificate c:/nginx/conf/ssl/certs/oppsprops_com.crt;
ssl_certificate_key c:/nginx/conf/ssl/keys/oppsprops.com.private.key;
location /{ # process oppsprops domain using Adobe Tomcat
proxy_pass http://127.0.0.1:8080/vo/;
} # end of location block
} # end of OppsProps server block
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
